Intellectual Property Rights



IPRs essential or potentially essential to the present document may have been declared to ETSI. The information 
pertaining to these essential IPRs, if any, is publicly available for ETSI members and non-members, and can be found 
in ETSI SR 000 314: "Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in 
respect of ETSI standards", which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web 
server (http://ipr.etsi.org).

Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee 
can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web 
server) which are, or may be, or may become, essential to the present document. 



Foreword 

This Technical Specification (TS) has been produced by ETSI Technical Committee Smart Card Platform (SCP). 

The contents of the present document are subject to continuing work within TC SCP and may change following formal 
TC SCP approval. If TC SCP modifies the contents of the present document, it will then be republished by ETSI with 
an identifying change of release date and an increase in version number as follows: 

Version x.y.z 

where: 

x the first digit:

0 early working draft;

1 presented to TC SCP for information; 

2 presented to TC SCP for approval; 

3 or greater indicates TC SCP approved document under change control. 

y the second digit is incremented for all changes of substance, i.e. technical enhancements, corrections, 
updates, etc. 

z the third digit is incremented when editorial only changes have been incorporated in the document. 
1 Scope



The present document defines additional features that are to be provided by the UICC to support EAP authentication 
capabilities. 

The goal of these new features is to adapt the UICC to provide support of different EAP methods, ensuring 
interoperability between the UICC and any terminal independently of their respective manufacturers. 

The present document defines: 

• The architectural framework. 

• The additional commands required. 



2 References 

References are either specific (identified by date of publication and/or edition number or version number) or 
non-specific. For specific references, only the cited version applies. For non-specific references, the latest version of the 
reference document (including any amendments) applies. 

• In the case of a reference to a TC SCP document, a non-specific reference implicitly refers to the latest version
of that document in the same Release as the present document. 

Referenced documents which are not found to be publicly available in the expected location might be found at 
http://docbox.etsi.org/Reference . 

NOTE: While any hyperlinks included in this clause were valid at the time of publication ETSI cannot guarantee 
their long term validity. 

2.1 Normative references 

The following referenced documents are necessary for the application of the present document. 

[1] IETF RFC 3748: "Extensible Authentication Protocol (EAP)". 

NOTE: See at http://www.ietf.org/rfc/rfc3748.txt . 

[2] ETSI TS 102 221: "Smart cards; UICC-Terminal interface; Physical and logical characteristics". 

[3] IETF RFC 2716: "PPP EAP TLS Authentication Protocol". 

NOTE: See at http://www.ietf.org/rfc/rfc2716.txt . 

[4] IETF RFC 4282: "The Network Access Identifier". 

NOTE: See at http://www.ietf.org/rfc/rfc4282.txt . 

[5] IETF RFC 2661: "Layer Two Tunneling Protocol L2TP".

NOTE: See at http://www.ietf.org/rfc/rfc2661.txt . 

[6] IETF RFC 1661: "The Point-to-Point Protocol (PPP)".

NOTE: See at http://www.ietf.org/rfc/rfc1661.txt .

[7] IEEE Std 802.1X-2004: "IEEE Standard for Local and metropolitan area networks Port-Based
Network Access Control".

[8] IEEE Std 802.11-2007: "Telecommunications and information exchange between systems - Local
and Metropolitan Area networks - Specific requirements - Part 11: Wireless LAN Medium Access
Control (MAC) and Physical Layer (PHY) Specifications".

2.2 Informative references

The following referenced documents are not necessary for the application of the present document but they assist the 
user with regard to a particular subject area. 

Not applicable. 



3 Definitions and abbreviations 

3.1 Definitions 

For the purposes of the present document, the following terms and definitions apply: 

authenticator: end of the EAP link initiating EAP authentication 

peer or supplicant: end of the EAP Link that responds to the authenticator 

3.2 Abbreviations 

For the purposes of the present document, the following abbreviations apply: 

AKA Authentication and Key Agreement 

DF Dedicated File 

DO Data Object 

EAP Extensible Authentication Protocol 

EF Elementary File 

L2TP Layer two Tunnelling Protocol 

LAN Local Area Network 

MSK Master Session Key 

NAI Network Access Identifier 

PPP Point-to-Point Protocol 

TLS Transport Layer Security 

UTF UCS Transformation Format 

WEP Wired Equivalent Privacy 



4 Introduction 

The Extensible Authentication Protocol is a general authentication framework, which supports multiple authentication 
methods. EAP typically may run directly over data link layers such as PPP (see RFC 1661 [6]) or 
IEEE Std 802.1X-2004 [7] and IEEE Std 802.11-1999 [8]. 

As described in RFC 3748 [1], EAP implementations consist of three main components: 

• A lower layer that is responsible for transmitting and receiving EAP frames between the peer and the
authenticator. EAP has been run over a variety of lower layers (including PPP, IEEE 802 LANs, IEEE 802.11
WLANs, and L2TP (see RFC 2661 [5])).

• An EAP layer that receives and transmits EAP packets via the lower layer, implements duplicate detection 
and retransmission, and delivers and receives EAP messages to and from EAP methods. 

• EAP methods that implement the authentication algorithms and receive/transmit EAP messages via the EAP 
layer. 
The UICC offers suitable possibilities for the implementation of some of these EAP methods on the peer side, since it
provides the required protection of credentials and authentication algorithms. This is even more important when the 
following conditions apply: 

• The authentication methods require the usage of credentials that are stored in the UICC. 

• For security reasons, these credentials are not to be revealed in clear in an unprotected peer environment 
(e.g. a laptop or mobile terminal). 

The present document defines the principles that shall be implemented in the UICC in order to enable that UICC 
applications may support one or more of these EAP methods. 



5 Architecture 

5.1 Architectural Principles 

The following architectural principles are applied: 

• The authenticator is able to perform an EAP authentication process (using a specific EAP method) with a
UICC application implementing this method. That means that the authentication is performed end-to-end
between the authenticator and the UICC application.

• The peer is composed of several components:

  - The UICC EAP Framework provides information to the terminal about the existing UICC applications
    that provide UICC EAP clients.

  - A UICC application provides one or more UICC EAP clients.

  - A UICC EAP client implements one specific EAP method.

Figure 5.1: EAP architecture when supplicant is split between a UICC and a terminal

5.2 EAP clients discovery



When a UICC application implements one or more EAP clients, its corresponding record in EF DIR shall contain the 
following EAP related Data Objects: 

• Application EAP support types list: defining the EAP methods supported by the corresponding UICC 
application. 

• Application EAP Dedicated File list: defining a list of Dedicated Files, each of them associated to one
supported EAP method. Likewise, each EAP method is associated to one DF. Each of these DFs is hereafter
referred to as DF EAP.

• Application EAP Label: defining a user readable label for the EAP clients.

Table 5.1: Coding of EAP related DOs

Bytes      | Length | Description                              | Status
-----------+--------+------------------------------------------+-------
1          | 1      | Discretionary template tag = '73'        | M
2          | 1      | Length of the discretionary template = X | M
3 to (2+X) | X      | Discretionary Template                   | X



Table 5.2: Coding of EAP Discretionary Template related DOs

Bytes      | Length | Description                                              | Status
-----------+--------+----------------------------------------------------------+-------
1          | 1      | EAP Application service specific data content tag = 'A0' | M
2          | 1      | EAP Application service specific data content length = Y | M
3 to (2+Y) | Y      | EAP Application service specific data content            | M



Table 5.3: Coding of EAP Application Service Specific Data Content related DOs

Bytes                | Length | Description                                           | Status
---------------------+--------+-------------------------------------------------------+-------
1                    |        | Application EAP supported types list tag = '80'       | M
2                    |        | Length of the Application EAP supported types list = A | M
3 to (2+A)           | A      | Application EAP supported types list                  | M
3+A                  |        | Application EAP Dedicated file list tag = '81'        | M
4+A                  |        | Length of Application EAP Dedicated file list = B     | M
(5+A) to (4+A+B)     | B      | Application EAP Dedicated File list                   | M
5+A+B                |        | Application EAP Label tag = '82'                      | M
6+A+B                |        | Length of the Application EAP Label = C               | M
(7+A+B) to (6+A+B+C) | C      | Application EAP Label                                 | M



Coding: 



• Application EAP supported types list:

Contains a list of supported EAP types (as defined in RFC 3748 [1]), each of them coded in one byte except
for expanded types, which are coded on 8 bytes.

EXAMPLE 1: A UICC application supporting EAP-MD5 (see RFC 3748 [1]) and EAP-TLS (see RFC 2716 [3])
provides the following "Application EAP supported types list":

'040D', corresponding to EAP-MD5 (Type=4) and EAP-TLS (Type=13).

• Application EAP Dedicated Files list:

Contains a list of the file identifiers of each DF EAP associated to a particular supported EAP type, each of
them coded in two bytes.

ETSI TS 102 310 V9.1.0 (2012-09), Release 9

EXAMPLE 2: Using the previous example, a DF '6D34' for EAP-MD5 and a DF '6D35' for EAP-TLS will result
in the following EAP Dedicated Files list:

'6D346D35'.

• Application EAP label: 

The application label is a DO that contains a string of bytes provided by the application provider to be 
shown to the user for information. 
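
The coding of Tables 5.1 to 5.3, using the values of EXAMPLE 1 and EXAMPLE 2, as an added Python example that is not part of the specification: a terminal-side parser for the '73' discretionary template that pairs each supported EAP type with its DF EAP and rejects truncated or mismatched lists. Assumptions: lengths are coded on one byte as in the tables, an expanded type is recognised by its first byte 254 (RFC 3748), and the label "EAP" in the sample is constructed.

```python
"""Parse the EAP related DOs of an EF DIR record (Tables 5.1 to 5.3)."""

EXPANDED_TYPE = 254  # RFC 3748: Type 254 introduces an 8-byte expanded type (assumption)

# Constructed sample: types '040D', DF list '6D346D35', label "EAP".
SAMPLE_DO = bytes.fromhex("7311A00F8002040D81046D346D358203454150")


def read_do(buf, offset, tag):
    """Read one DO (1-byte tag, 1-byte length) at offset; return (value, next_offset)."""
    if offset + 2 > len(buf):
        raise ValueError(f"truncated DO header at offset {offset}")
    if buf[offset] != tag:
        raise ValueError(f"expected tag {tag:02X}, found {buf[offset]:02X}")
    end = offset + 2 + buf[offset + 1]
    if end > len(buf):
        raise ValueError(f"DO {tag:02X} runs past the end of its container")
    return buf[offset + 2:end], end


def split_types(raw):
    """Split the supported types list: 1 byte per type, 8 bytes for expanded types."""
    types, i = [], 0
    while i < len(raw):
        size = 8 if raw[i] == EXPANDED_TYPE else 1
        if i + size > len(raw):
            raise ValueError("truncated expanded EAP type")
        types.append(raw[i:i + size])
        i += size
    return types


def parse_eap_discovery(do):
    """Return the label and the (EAP type, DF EAP identifier) pairs of a '73' DO."""
    template, _ = read_do(do, 0, 0x73)            # Table 5.1
    content, _ = read_do(template, 0, 0xA0)       # Table 5.2
    raw_types, off = read_do(content, 0, 0x80)    # Table 5.3, fixed order
    raw_dfs, off = read_do(content, off, 0x81)
    label, off = read_do(content, off, 0x82)

    types = split_types(raw_types)
    if len(raw_dfs) % 2:
        raise ValueError("DF list is not a whole number of 2-byte identifiers")
    dfs = [raw_dfs[i:i + 2] for i in range(0, len(raw_dfs), 2)]
    # Each EAP method is associated to exactly one DF, so the lists must pair up.
    if len(dfs) != len(types):
        raise ValueError(f"{len(types)} EAP types but {len(dfs)} DF identifiers")
    methods = [(t.hex().upper(), d.hex().upper()) for t, d in zip(types, dfs)]
    return {"label": label, "methods": methods}


if __name__ == "__main__":
    print(parse_eap_discovery(SAMPLE_DO))
```

The count check matters because a terminal that trusts the two lists independently could select the wrong DF EAP for a method when the record is malformed.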

5.3 EAP-capable-application selection 

The terminal shall use the information in EF DIR file if available to present the list of EAP-capable applications to the 
user or to any application that may request an EAP authentication. 

The terminal shall then select the corresponding EAP-capable-application to start an EAP authentication. Once selected, 
all EAP-Client state machines of the application are reset. 

5.4 Key derivation 

It is possible for many EAP methods to derive key material after successful authentications. These keys may be used for 
subsequent processes (e.g. for WEP encryption in IEEE Std 802.11-1999 [8]). 

Keys derived from an authentication shall be retrieved by the terminal by inspecting the file EF EAPKEYS.

5.5 Authentication Status 

The terminal may retrieve the authentication status of the EAP client in the selected UICC application by inspecting the 
mandatory file EF EAPSTATUS.



6 EAP related Commands 

The following clauses specify the additional commands needed to implement the EAP framework in the UICC. 

6.1 EAP Authenticate 
6.1.1 Command description

The function is used to transfer the EAP packets from the terminal to the selected UICC EAP client (i.e. EAP client in 
the selected UICC application that corresponds to the given EAP type). 

The UICC EAP client shall provide a response EAP packet (as defined in RFC 3748 [1]) or a warning status word 
according to the authentication method being used. 

The UICC EAP client shall maintain the state machine of the authentication process as described for the particular EAP 
method used. 

The function is related to a particular UICC application supporting EAP and shall not be executable unless this 
application has been selected and activated, and the current directory is a DF EAP corresponding to a specific EAP 
method. The correspondence between EAP type and the current DF EAP is defined in EF DIR . 

Each UICC application implementing a UICC EAP client may require different security conditions to execute this 
command (e.g. user PIN verification). 

The format of the EAP packet is defined by the application implementing the EAP client and shall respect the 
conventions corresponding for the EAP method. 
The following EAP packets are allowed input packets for this command: EAP packets with code field equal to
1 "Request", 3 "Success" or 4 "Failure" and EAP packets with code equal to 2 "Response" for EAP type 1 "Identity"
(Code and type values as defined in RFC 3748 [1]).

NOTE: EAP Response Identity packet may be delivered to the UICC application when the identity is managed 
outside the UICC application and the method itself needs to have access to the chosen identity. 

The command and response data may contain specific EAP method related data as an additional input/output parameter 
(e.g. gmt_unix_time for EAP-TLS implementations as defined in RFC 2716 [3]). 

Depending on the length of the EAP input data, the EAP Authenticate may be used with an EVEN or ODD INS code. 
In the latter case, the EAP input and response data shall be encapsulated in BER TLV data objects, as specified in 
TS 102 221 [2]. 



Input:

• EAP Packet;

• EAP method related data.

Output:

• Either none (i.e. if authentication successful: EAP success packet received).

Or:

• EAP Response Packet;

• EAP method related data.



6.1.1.1 Command parameters and data

Code | Value
-----+--------------------------------------
CLA  | As specified in ETSI TS 102 221 [2]
INS  | As specified in ETSI TS 102 221 [2]
P1   | As specified in ETSI TS 102 221 [2]
P2   | See table 6.1
Lc   | Length of subsequent EAP command data
Data | See below
Le   | Length of the response data



Table 6.1: Coding of P2

b8 | b7 | b6 | b5 | b4 | b3 | b2 | b1 | Meaning
---+----+----+----+----+----+----+----+-----------------------------------------------------------
1  | -  | -  | -  | -  | -  | -  | -  | Specific reference data (DF EAP application dependent KEY)
-  | X  | X  | -  | -  | -  | -  | -  | '00' (other values are RFU)
-  | -  | -  | X  | X  | X  | X  | X  | Reference data number ('01' to '1F')
   |    |    |    |    |    |    |    | See TS 102 221 [2]

NOTE: The reference data number assignment rule shall be defined in the application specification referencing
the present document.



The reference data number assignment rule shall be defined in the application specification referencing the present 
document. In case the UICC based application specification does not define a Reference Data Number for the EAP 
AUTHENTICATE command, then P2 shall be set to '00'. 
Command data:

Byte(s) | Description                      | Length
--------+----------------------------------+-------
1 to Lc | EAP command data (see table 6.2) | Lc



Table 6.2: Coding of EAP command data

Byte(s)      | Description                                   | Status | Length
-------------+-----------------------------------------------+--------+--------
1 to J       | EAP packet (coded as defined for the method   | M      | J bytes
             | of EAP used as defined in RFC 3748 [1])       |        |
J+1 to J+K+1 | EAP method related data (must be specified by |        | K bytes
             | each application specific document defining a |        |
             | particular EAP method implementation)         |        |

NOTE: The length of an EAP packet is contained within the packet and can therefore be
retrieved from it.



Response data:

Byte(s) | Description                              | Length
--------+------------------------------------------+-------
1 to Le | EAP Packet Response Data (see table 6.3) | Le



Table 6.3: Coding of EAP Response data

Byte(s)      | Description                                   | Status | Length
-------------+-----------------------------------------------+--------+--------
1 to L       | EAP packet                                    | M      | L bytes
L+1 to L+N+1 | EAP method related data (must be specified by |        | N bytes
             | each application specific document defining a |        |
             | particular EAP method implementation)         |        |

NOTE: The length of an EAP packet is contained within the packet and can therefore be
retrieved from it.



6.2 Specific status conditions returned 

This clause specifies the coding of the specific status words SW1 and SW2. 

6.2.1 Status words 

Table 6.4 shows the meaning of possible status conditions returned. 

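Table 6.4: Status byte coding - warnings

SW1  | SW2  | Description
-----+------+---------------------------------------------------------------------------------------------
'62' | '00' | - No information given, state of non volatile memory unchanged (EAP Packet silently ignored)

Table 6.5: Status byte coding - application errors

SW1  | SW2  | Description
-----+------+-----------------------------------------------------
'98' | '62' | - Authentication error (EAP Failure Packet received)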
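
The input rules of clause 6.1.1, the P2 coding of Table 6.1 and the packet/method-data split of Table 6.2, as an added Python example that is not part of the specification: a terminal-side check run before data is sent in EAP AUTHENTICATE. Assumptions: b8 is combined with the reference data number when one is assigned, Success and Failure packets are exactly four bytes long (RFC 3748), and the sample packets in the comments are constructed.

```python
"""Pre-checks for EAP AUTHENTICATE command data (clause 6.1.1, Tables 6.1 and 6.2)."""
import struct

# EAP codes and the Identity type, as defined in RFC 3748.
REQUEST, RESPONSE, SUCCESS, FAILURE = 1, 2, 3, 4
TYPE_IDENTITY = 1
EAP_HEADER_LEN = 4  # Code (1) + Identifier (1) + Length (2)

# Status words taken from Tables 6.4 and 6.5.
STATUS_WORDS = {
    (0x62, 0x00): "warning: EAP packet silently ignored",
    (0x98, 0x62): "error: authentication error (EAP Failure packet received)",
}


def split_command_data(data):
    """Split command data into (EAP packet, EAP method related data).

    The boundary J of Table 6.2 is the Length field inside the EAP packet.
    """
    if len(data) < EAP_HEADER_LEN:
        raise ValueError("command data shorter than an EAP header")
    _code, _identifier, length = struct.unpack_from("!BBH", data)
    if length < EAP_HEADER_LEN or length > len(data):
        raise ValueError(f"EAP Length {length} does not fit {len(data)} data bytes")
    return data[:length], data[length:]


def check_allowed_input(packet):
    """Raise ValueError unless the packet is an allowed input for the command."""
    code = packet[0]
    if code in (SUCCESS, FAILURE):
        if len(packet) != EAP_HEADER_LEN:  # RFC 3748: no data field
            raise ValueError("Success/Failure packet carries unexpected data")
        return
    if code not in (REQUEST, RESPONSE):
        raise ValueError(f"EAP code {code} is not an allowed input")
    if len(packet) <= EAP_HEADER_LEN:
        raise ValueError("Request/Response packet without a Type field")
    if code == RESPONSE and packet[4] != TYPE_IDENTITY:
        raise ValueError("only a Response of type Identity may be delivered")


def encode_p2(reference_number=None):
    """Code P2: '00' when no reference data number is defined, else b8 + number."""
    if reference_number is None:
        return 0x00
    if not 0x01 <= reference_number <= 0x1F:
        raise ValueError("reference data number must be '01' to '1F'")
    return 0x80 | reference_number  # b7 and b6 stay 0 (other values are RFU)


def prepare_eap_authenticate(data, reference_number=None):
    """Validate command data and return (P2, EAP packet, method related data)."""
    packet, method_data = split_command_data(data)
    check_allowed_input(packet)
    return encode_p2(reference_number), packet, method_data


def describe_status(sw1, sw2):
    """Map the EAP specific status words; anything else is left to TS 102 221."""
    return STATUS_WORDS.get((sw1, sw2), "see TS 102 221")


if __name__ == "__main__":
    # Constructed Request/Identity followed by two bytes of method related data.
    sample = bytes.fromhex("0101000501") + b"\xaa\xbb"
    print(prepare_eap_authenticate(sample))
    print(describe_status(0x98, 0x62))
```

Checking the embedded Length against the bytes actually present keeps method related data from being read as part of the EAP packet, or the reverse, when the two are concatenated in one data field.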
7 EAP Files



This clause describes the files present in an application supporting an EAP type. The following files are situated under 
the corresponding DF EAP of a particular UICC application. 



7.1 EF EAPKEYS (EAP derived keys)



This EF contains the key material derived after a successful EAP authentication. 

Table 7.1: Structure of EF EAPKEYS

Identifier: '4F01' | Structure: transparent | Conditional (see note)
SFI: Optional
File size: n | Update activity: high
Access Conditions:
    READ          PIN
    UPDATE        ADM/NEVER
    DEACTIVATE    ADM
    ACTIVATE      ADM

Bytes                                | Description    | M/O | Length
-------------------------------------+----------------+-----+---------
1                                    | 1st Key Tag    |     | 1 byte
2                                    | 1st Key Length |     | 1 byte
3 to L1+2                            | 1st Key Value  |     | L1 bytes
2(k-1) + L1 + ... + L(k-1) + 1       | Kth Key Tag    |     | 1 byte
2(k-1) + L1 + ... + L(k-1) + 2       | Kth Key Length |     | 1 byte
(2(k-1) + L1 + ... + L(k-1) + 3) to  | Kth Key Value  |     | Lk bytes
(L1 + ... + Lk + 2k)                 |                |     |
(L1 + ... + Lk + 2k + 1) to n        | 'FF' padding   |     |

NOTE: The presence of this file depends on the supported EAP method.



Key Tag
Contents:

■ Identifier of the derived key.
Coding:

■ The assigned Key tag values are given in the following table.

Derived key description            | Key tag value | Reference
-----------------------------------+---------------+-------------
Master Session Key (MSK)           | '80'          | RFC 3748 [1]
Extended Master Session Key (EMSK) | '81'          | RFC 3748 [1]

Key Length
Contents:

■ Length of the derived key.

Key Value
Contents:

■ Derived key.
7.2 EF EAPSTATUS (EAP Authentication STATUS)



This EF contains the authentication status corresponding to the EAP client supported by the application. 

Table 7.2: Structure of EF EAPSTATUS

Identifier: '4F02' | Structure: transparent | Mandatory
SFI: Optional
File size: 1 | Update activity: high
Access Conditions:
    READ          PIN
    UPDATE        ADM/NEVER
    DEACTIVATE    ADM
    ACTIVATE      ADM

Bytes | Description           | M/O | Length
------+-----------------------+-----+-------
1     | Authentication Status | M   | 1 byte



Authentication Status
Contents:

■ Status of the corresponding EAP authentication.
Coding:

■ Authentication Status coded in one byte as below.

Value | Meaning
------+------------------------------
'00'  | No authentication started
'01'  | Authenticating
'02'  | Authenticated
'03'  | Held (Authentication failure)
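
The layouts of EF EAPKEYS (Table 7.1) and EF EAPSTATUS (Table 7.2), as an added Python example that is not part of the specification: a terminal-side reader that returns derived keys only when the status byte is '02' (Authenticated) and that rejects truncated records or data hidden behind the 'FF' padding. The key values in the sample are constructed and shorter than real MSK or EMSK values; function and variable names are this example's own.

```python
"""Read EF EAPKEYS (Table 7.1), gated on EF EAPSTATUS (Table 7.2)."""

KEY_TAGS = {0x80: "MSK", 0x81: "EMSK"}  # assigned key tag values
AUTHENTICATED = 0x02                     # EF EAPSTATUS value '02'
PADDING = 0xFF

# Constructed file content: MSK (4 bytes), EMSK (2 bytes), then 'FF' padding.
SAMPLE_KEYS = bytes.fromhex("80041122334481 02AABB FFFFFF".replace(" ", ""))


def parse_ef_eapkeys(content):
    """Return {key name: key value} from the transparent file content."""
    keys = {}
    offset = 0
    # Records are tag (1 byte), length (1 byte), value; 'FF' starts the padding.
    while offset < len(content) and content[offset] != PADDING:
        if offset + 2 > len(content):
            raise ValueError("key record header is truncated")
        tag, length = content[offset], content[offset + 1]
        value = content[offset + 2:offset + 2 + length]
        if len(value) != length:
            raise ValueError(f"key {tag:02X} value runs past the end of the file")
        # Unassigned tags are kept under their hex value so the caller can see them.
        name = KEY_TAGS.get(tag, f"tag_{tag:02X}")
        if name in keys:
            raise ValueError(f"key {name} appears twice")
        keys[name] = value
        offset += 2 + length
    # Everything after the last record must be padding, nothing else.
    if any(byte != PADDING for byte in content[offset:]):
        raise ValueError("unexpected data after the start of the 'FF' padding")
    return keys


def read_session_keys(status_content, keys_content):
    """Return the derived keys, or {} unless the EAP client is Authenticated."""
    if len(status_content) != 1:
        raise ValueError("EF EAPSTATUS must be exactly one byte")
    if status_content[0] != AUTHENTICATED:
        # Keys left over from an earlier authentication must not be used.
        return {}
    return parse_ef_eapkeys(keys_content)


if __name__ == "__main__":
    print(read_session_keys(b"\x02", SAMPLE_KEYS))
    print(read_session_keys(b"\x03", SAMPLE_KEYS))
```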



7.3 EF PUId (Permanent User Identity) 



This EF contains the permanent user identity. Permanent User identity may be used as the username part of the Network 
Access Identifier (see RFC 4282 [4]). 

This file is not mandatory if the Permanent user identity is derived by other means. 

Table 7.3: Structure of EF PUId

Identifier: '4F03' | Structure: transparent | Optional
SFI: Optional
File size: n (where n >10 bytes) | Update activity: low
Access Conditions:
    READ          PIN
    UPDATE        ADM
    DEACTIVATE    ADM
    ACTIVATE      ADM

Bytes  | Description             | M/O | Length
-------+-------------------------+-----+--------
1 to n | Permanent user identity | M   | n bytes

• Permanent user identity
Contents: 

■ user identity to be used as the username part of the NAI. 
Coding: 

■ Binary. Unused bytes at the end shall be set to "FF" and shall not be considered as a part of the 
value. 



7.4 EF Ps (Pseudonym) 



This EF contains a temporary user identifier (pseudonym) for subscriber identification. Pseudonyms may be provided as 
part of a previous authentication sequence. This may be used as the username part of the Network Access Identifier 
(see RFC 4282 [4]). 

This file is not mandatory if pseudonyms are not managed by the application or they are derived by other means. 

Table 7.4: Structure of EF Ps

Identifier: '4F04' | Structure: transparent | Optional
SFI: Optional
File size: n | Update activity: high
Access Conditions:
    READ          PIN
    UPDATE        PIN
    DEACTIVATE    ADM
    ACTIVATE      ADM

Bytes  | Description | M/O | Length
-------+-------------+-----+--------
1 to n | Pseudonym   | M   | n bytes



Pseudonym 
Contents: 

■ Pseudonym to be used as the username part of the NAI. 
Coding: 

■ Binary. Unused bytes at the end shall be set to "FF" and shall not be considered as a part of the 
value. 



7.5 EF CurID (Current Identity)



EF CurID contains the user identity (including the realm part) that has been used in the most recent (re-) authentication. 
The whole file content shall be set to 'FF' for a UICC that is not EAP authenticated. 
Table 7.5: Structure of EF CurID

Identifier: '4F20' | Structure: transparent | Optional
SFI: Optional
File size: > L+1 | Update activity: high
Access Conditions:
    READ          PIN
    UPDATE        PIN
    DEACTIVATE    ADM
    ACTIVATE      ADM

Bytes      | Description                      | M/O | Length
-----------+----------------------------------+-----+--------
1          | Current user identity Type       | M   | 1 byte
2          | Current user identity Length (L) | M   | 1 byte
3 to (L+2) | Current user identity            | M   | L bytes



• Current user Identity type:

Contents: Identity type.

Coding:

b8 | b7 | b6 | b5 | b4 | b3 | b2 | b1 | Meaning
---+----+----+----+----+----+----+----+------------------------------
   |    |    |    |    |    |    |    | Permanent Identity (see note)
   |    |    |    |    |    |    | 1  | Pseudonym
   |    |    |    |    |    | 1  |    | Re-authentication Identity
Any other value                       | RFU

NOTE: When the Current Identity is set to an Identity that should not be revealed, the
Current User Identity Length may be set to '00' and the current user identity value
may be empty (bytes set to 'FF').



• Current user Identity length: 

Contents: Identity length. 

Coding: The actual length of identity. 

• Current user identity: 

Contents: Identity value as NAI format. 

Coding: Encoded to an octet string according to UTF-8 encoding rules. All bytes included in the length 
are part of the value. 

Empty bytes at the end of the file beyond the objects indicated above, if any, shall be ignored by the terminal and set to 
'FF'. 

7.6 EF ReID (Re-Authentication Identity)

EF ReID contains the parameter (counter) associated with the re-authentication identity that is used in fast
re-authentication. Re-authentication identity is provided at the previous authentication stage.
Table 7.6: Structure of EF ReID

Identifier: '4F21' | Structure: transparent | Optional
SFI: Optional
File size: > j+k+3 | Update activity: low
Access Conditions:
    READ          PIN
    UPDATE        PIN
    DEACTIVATE    ADM
    ACTIVATE      ADM

Bytes            | Description                          | M/O | Length
-----------------+--------------------------------------+-----+--------
1                | Re-authentication identity Tag ('80') | M   | 1 byte
2                | Re-authentication identity Length    | M   | 1 byte
3 to (j+2)       | Re-authentication identity Value     | M   | j bytes
j+3              | Re-authentication Counter Tag ('81') | M   | 1 byte
j+4              | Re-authentication Counter Length     | M   | 1 byte
(j+5) to (j+k+4) | Re-authentication Counter Value      | M   | k bytes



• Re-authentication Identity TLV:

Contents: Re-authentication Identity as NAI format.

Coding: Value is encoded to an octet string according to UTF-8 encoding rules. All bytes included in the
length are part of the value.

• Re-authentication Counter:

Contents: Re-authentication Counter TLV.

Coding: Binary.

Empty bytes at the end of the file beyond the objects indicated above, if any, shall be ignored by the terminal and set to
'FF'.



7.7 EF Realm (Realm value of the identity)



EF Realm contains the Realm value of the EAP AKA Identity. 

Table 7.7: Structure of EF Realm

Identifier: '4F22' | Structure: transparent | Optional
SFI: Optional
File size: >L | Update activity: low
Access Conditions:
    READ          PIN
    UPDATE        PIN
    DEACTIVATE    ADM
    ACTIVATE      ADM

Bytes      | Description      | M/O | Length
-----------+------------------+-----+--------
1          | Realm length (L) | M   | 1 byte
2 to (L+1) | Realm            | M   | L bytes



• Realm: 

Contents: Realm value of Identity, which is part of NAI. The "@" sign is not included in the realm value.

Coding: Refer to RFC 4282 [4]. All bytes included in the length are part of the value. 

Empty bytes at the end of the file beyond the object indicated above, if any, shall be ignored by the terminal and 
set to 'FF'. 
Annex A (normative):
List of SFI Values 

This annex lists SFI values assigned in the present document. 



A.1 List of SFI Values at the DF EAP Level

File Identifier | SFI  | Description
----------------+------+----------------------------------------
'4F01'          | '01' | EAP derived keys (EF EAPKEYS)
'4F02'          | '02' | EAP Authentication STATUS (EF EAPSTATUS)
'4F03'          | '03' | Permanent User Identity (EF PUId)
'4F04'          | '04' | Pseudonym (EF Ps)
'4F20'          | '10' | Current User Identity (EF CurID)
'4F21'          | '11' | Re-authentication Identity (EF ReID)
'4F22'          | '12' | Realm (EF Realm)



All other SFI values are reserved for future use. 
Annex B (informative):
Change history 



This annex lists all change requests approved for the present document by ETSI SCP. 



SCP# | SCP tdoc      | Version | CR  | RV | CAT | SUBJECT | Resulting Version
-----+---------------+---------+-----+----+-----+---------+------------------
19   | SCP-040420    | 6.0.0   | 001 |    | F   | Clarification on references and clarification on the coding of P2 authenticate parameter | 6.1.0
     |               |         | 002 |    | F   | Allocation of new tag values for EAP |
22   | SCP-050246    | 6.1.0   | 003 |    | F   | Clarification on the coding of P2 in the EAP authenticate command | 6.2.0
35   |               | 6.2.0   | -   | -  | -   | Rel-7 version is created from the latest Rel-6 version, with no technical changes | 7.0.0
35   | SCP-080039    | 6.2.0   | 004 | 1  | B   | EAP Authenticate correction (Alignment with TS 102 221 for Extended Authenticate) | 8.0.0
40   | SCP-090026    | 8.0.0   | 005 | -  | F   | Multiple Corrections | 8.1.0
41   | SCP-090171    | 8.1.0   | 006 | 1  | F   | DF EAP updates to fulfil WiMax requirements | 8.2.0
42   | SCP-090272    | 8.2.0   | 007 | 2  | D   | Clarification of TLV structure | 9.0.0
55   | SCP(12)000099 | 9.0.0   | 009 |    | A   | Correction of the List of SFI Values at the DFEAP Level | 9.1.0